- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-07-2014 10:55 PM
Hi,
I can see the PANW SYSLOG server profile transport SSL on 6514 and I am just trying to work out if this can be received by Logger?
Thanks for looking.
Cheers
Richard
07-07-2014 11:27 PM
Hello Richard,
If configured to use SSL for encryption of the logs, a listener on port 6514 will be created on the PAN firewall. Now, could you please check on your ArcSight Logger, whether it supports encrypted logs on port 6514. Otherwise, you can change the port on PAN FW according to your logger.
(ArcSight Logger: Streams real-time data and categorizes them into specific logs)
PAN FW configuration options:Device tab > Server Profiles > Syslog
Select Transport as either UDP, TCP or SSL. UDP and TCP default port 514, SSL default port 6514.
Thanks
07-07-2014 11:30 PM
A related blog on this topic: Eric Romang Blog » ArcSight Logger L750MB – Syslog SmartConnector and Snare installation
Thanks
07-07-2014 11:48 PM
Thanks HULK, I can't see anything like SSL/TLS/Encrypted options under the Logger Receivers section...
Looks like Splunk supports it:
How to get tcp-ssl input for Splunk 6.0 to work - Splunk Community
EDITED to remove reference to SmartConnectors as i'm not sure it's relevant.
07-08-2014 12:05 AM
Yes, it looks like, you need a smartconnector to communicate with your logger. These logs are normalized in CEF (Common Event Format) and send encrypted to the Logger in SmartMessage format on port 9000/TCP.
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!